Overview of PTSC Proposed Standard


Overview of CALEA
Conformance Proposed Standard
PTSC-LAES-2006-084R6
Manish Karir
Outline
1. Architectural Assumptions
– Internet Access Service Provider Model
– Electronic Surveillance Model
– Vocabulary Building
2. CALEA Functions
– Functional Breakdown of Components
– Architecture, Interfaces and Intercept Access Points
3. CALEA conformance
– Timing Requirements
– CmII/CmC Packet Formats and Encapsulation
– General IASP Requirements
4. Re-Cap and Conclusions
Internet Access Services Model
Source: PTSC-LAES-2006-084R6
Internet Access and Services Model
User’s Three Steps to Gaining Access
1. Reg-F - Registration Function:
   » The act of a user getting access to the network (e.g. login/authentication of any sort)
2. Res-F - Reservation Function:
   » The user requesting resources from the network (e.g. requesting an IP address; temporary addresses are not included)
3. PT-F - Packet Transfer Function:
   » Transfer of Layer-3 packets to/from the Internet
Electronic Surveillance Model
Components and Responsibilities
Internet Access Service Provider responsibility:
1. Service Provider Administration
   Responsible for the Access and Delivery Functions
2. Access Function (AF)
   Consists of one or more Intercept Access Points (IAPs)
3. Delivery Function (DF)
   Transfer of data from the Access Function to the LEA Collection Function
Law Enforcement responsibility:
4. Law Enforcement Administration
   Controls the LEA collection function
5. Collection Function (CF)
   Location where the communication intercepts are stored
Electronic Surveillance Model
Source: PTSC-LAES-2006-084R6
More Definitions / Acronyms
LI - Lawful Intercept
CmII - Communication Identifying Information (e.g. packet headers, but more)
CmC - Communication Content (e.g. the packets)
IAP - Intercept Access Point
Combinations:
– AACmII - Access Associated CmII
– CACmII - Content Associated CmII
– CmC-IAPs - The point in the network where communication content is intercepted
– CmII-IAPs - The point in the network where communication headers are intercepted
– Note: CmC-IAPs might be different from CmII-IAPs
The 3 Key Concepts
1. CmC - Communication Content
   – Captured at CmC-IAPs, full packets
   – Packets are passed to the Delivery Function (DF)
   – The DF transfers these to the LEA Collection Function (CF)
2. AACmII - Access Associated CmII
   – Essentially login/logout and authorization activity
   – DHCP IP address assigned
   – Information provided to the CF via the DF
3. CACmII - Content Associated CmII - 2 methods
   – Intercept the packet stream to/from the subject and extract IP header information (port information is optional, but might be authorized); finally deliver all header information to the DF, or deliver summary records
   – Sample the subject’s flows such that no flow can exist without being sampled, and deliver summary records to the LEA
Functional Breakdown
CmC/CmII Access Function (AF):
– Responsible for identifying/isolating CmC/CmII for the subject and presenting it to the MF/DF
CmC/CmII Mediation Function (MF):
– Responsible for the presentation of captured information in the appropriate format for delivery to the LEA
CmC/CmII Delivery Function (DF):
– Responsible for transmitting data from the IASP to the Collection Function of the LEA
Functional Lawful Intercept Architecture
Source: PTSC-LAES-2006-084R6
Packet Delivery Interface (DF-CF Interface)
[Figure: the IASP domain (Delivery Function with its CmC & CmII DF Application on top of an OSI protocol stack, layers 7 to 1) and the LEA domain (Collection Function with its CmC & CmII CF Application on top of an OSI protocol stack, layers 7 to 1) exchange A-PDUs over the ‘e’ interface. The Delivery Method carries DF-DM (A-PDU) across the physical demarcation point between the two domains.]
A-PDU = Application Protocol Data Unit (formatted for the ‘e’ interface)
DF-DM (A-PDU) = encapsulated A-PDU sent by the Delivery Function’s Delivery Method
Source: PTSC-LAES-2006-084R6
Intercept Access Points
Delivery Timing Requirements
1. Event Timestamps: Each intercepted message should contain an accurate timestamp
   – CmII: timestamp should be accurate to within 200 ms
   – CmC: a timestamp needs to be provided with each packet
2. Event Timing: Intercepted messages should be sent to the LEA within a specified time window
   – CmII should be sent by the DF to the CF within 8 seconds, 95% of the time
   – CmC: the draft does not specify a delivery window
Timing Requirements
Source: PTSC-LAES-2006-084R6
T1 is dependent on the IASP
T2 is jointly determined by the IASP and LEA through the choice of agreed-upon protocols and facilities
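The two CmII timing targets above (timestamps accurate to within 200 ms, delivery within 8 seconds for 95% of messages) are the kind of thing an IASP would want to measure before claiming conformance. The following checker is an added example, not code from the PTSC draft or the presentation: it runs over constructed CmII delivery records and reports which ones miss each target. The record layout and the decision to measure delivery from the event time at the IAP to receipt at the CF are assumptions; the draft does not say where T1 and T2 start.

```python
"""Check constructed CmII delivery records against two timing targets:
each Time Stamp within 200 ms of the true event time, and delivery to the
CF within 8 s for at least 95% of messages.  Added example; the record
fields and the end-to-end measurement point are assumptions."""
from dataclasses import dataclass
from datetime import datetime, timedelta

CMII_TIMESTAMP_TOLERANCE = timedelta(milliseconds=200)
CMII_DELIVERY_WINDOW = timedelta(seconds=8)
CMII_REQUIRED_ON_TIME_FRACTION = 0.95


def parse_rfc3339(text):
    """Parse the draft's YYYY-MM-DDThh:mm:ss.sssZ form into a UTC datetime."""
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


@dataclass(frozen=True)
class CmiiRecord:
    case_id: str
    event_time: datetime      # true time of the event at the IAP (e.g. AAA log)
    stamped_time: datetime    # Time Stamp element the DF put in the CmII message
    delivered_time: datetime  # when the CF received the message


def timestamp_violations(records):
    """Records whose Time Stamp is more than 200 ms from the true event time."""
    return [r for r in records
            if abs(r.stamped_time - r.event_time) > CMII_TIMESTAMP_TOLERANCE]


def late_deliveries(records):
    """Records that reached the CF more than 8 s after the event (assumed measurement)."""
    return [r for r in records
            if r.delivered_time - r.event_time > CMII_DELIVERY_WINDOW]


def on_time_fraction(records):
    if not records:
        return 0.0
    return (len(records) - len(late_deliveries(records))) / len(records)


def conformance_report(records):
    """Summarise both checks; delivery conforms when >= 95% arrived in the window."""
    fraction = on_time_fraction(records)
    return {
        "timestamp_violations": [r.case_id for r in timestamp_violations(records)],
        "late_deliveries": [r.case_id for r in late_deliveries(records)],
        "on_time_fraction": fraction,
        "delivery_conforms": fraction >= CMII_REQUIRED_ON_TIME_FRACTION,
    }


BASE = parse_rfc3339("2006-03-01T12:00:00.000Z")


def make_record(i, stamp_offset_ms, delivery_offset_s):
    """Constructed record i: stamped stamp_offset_ms after the event, delivered delivery_offset_s after it."""
    event = BASE + timedelta(seconds=i)
    return CmiiRecord(f"CASE-{i:02d}", event,
                      event + timedelta(milliseconds=stamp_offset_ms),
                      event + timedelta(seconds=delivery_offset_s))


# Constructed sample: 18 good records, one stamped 400 ms late (accuracy
# violation) and one delivered 12 s after the event (outside the window).
SAMPLE_RECORDS = ([make_record(i, 50, 2) for i in range(18)]
                  + [make_record(18, 400, 3), make_record(19, 10, 12)])

if __name__ == "__main__":
    print(conformance_report(SAMPLE_RECORDS))
```

With the constructed sample, exactly one of twenty records is late, so the 95% target is met at the boundary; adding one more late record drops the fraction below it and `delivery_conforms` flips to false, which is the behaviour a per-interval monitor should alert on.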
CmII Access Messages
Access Messages: Notify the LEA of access related functions performed by the subject, including:
– Access Attempt (login) - subject begins the network authentication process
– Access Accepted - sent when the subject has successfully authenticated with the network AAA
– Access Failed - user provides an invalid username/password or MAC address
– Access Session End (logout) - subject initiates disconnect
– Access Rejected - network rejects the login attempt, e.g. the user is already logged in somewhere else and the network does not allow multiple logins
– Signaling Message Report - (RADIUS, DIAMETER, etc.) may be used in place of the previous messages
CmII Packet Data Messages
Packet Data Messages: Notify the LEA of data related events performed by the subject:
– Packet Data Session Start - sent when the subject completes login and an IP address has been assigned
– Packet Data Session Failed - login is successful but no IP address is assigned, e.g. DHCP pool exhausted
– Packet Data Session End - session timeout
– Packet Data Session Already Established - when surveillance starts after subject login
– Packet Data Header Report - packet header reports on a per-packet basis
– Packet Summary Report - periodic summary reports of packet header data
Example CmII Message Formats

Packet Header Data Report CmII Message
Information Element              M/O/C   Conditions
Case Identity                    M
IAP System Identity              M
Time Stamp                       M
Content Identifier               M
Header Set                       M

Access Accepted CmII Message
Information Element              M/O/C   Conditions
Case Identity                    M
IAP System Identity              M
Time Stamp                       M
Subscriber Identity              M
Access Method                    C       Provide when known.
Network Access Node Identity     C       Provide when known.
IP Address                       C       Provide when known.
Access Session Identity          M
Access Session Characteristics   C       Provide when known.
Location Information             C       Provide when reasonably available and lawfully authorized.
Protocol Signal                  O

(M = mandatory, O = optional, C = conditional)
CmC Message Delivery Options
– SCTE Datagram Format
– ATIS IAS Datagram
  – Encapsulation Approach - one packet per encapsulated datagram
  – UDP/IP based encapsulation; TCP or other transport protocols are optional
  – IC-APDU - Protocol Data Unit Approach - multiple packets per datagram
We focus on the IAS Datagram approach as it is the simplest
IAS Datagram Encapsulation Approach
– One intercepted packet in each encapsulated UDP datagram
– Src IP is the address of the DF; Dst IP is the address of the CF
– Port numbers in the UDP header may be agreed upon by the LEA and IASP
– ContentID field is an ASCII value that allows correlation between CmC and CmII
– Timestamp is RFC 3339 compliant: YYYY-MM-DDThh:mm:ss.sssZ
– Intercepted Packet includes all headers
Datagram layout: Encapsulation IP Header | Encapsulation UDP Header | Content ID | Time Stamp | Intercepted Packet
IAS Datagram - APDU Approach
A simple extension of the encapsulation approach, to include multiple intercepted packets in a single encapsulated packet.
Datagram layout: Encapsulation IP Header | Encapsulation UDP Header | Number of CmC-APDUs | Content ID | Time Stamp | Sequence Number | Length of 1st CmC-APDU | Length of 2nd CmC-APDU | ... | Length of last CmC-APDU | 1st CmC-APDU | 2nd CmC-APDU | ... | Last CmC-APDU (each CmC-APDU is one intercepted packet)
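To make the two IAS datagram layouts concrete, and to show the correlation between CmC and CmII that the Content ID exists for (the Packet Header Data Report message in the example formats above carries the same Content Identifier), here is an encoder/decoder as an added example. It is not code from the PTSC draft, ATIS or the presentation. The draft fixes no field sizes (one of the open points in the re-cap), so the wire layout is an assumption: a one-byte length prefix on the ASCII Content ID, a fixed 24-byte RFC 3339 timestamp, and big-endian 16/32-bit integers for the APDU count, the per-APDU lengths and the sequence number. The encapsulating IP and UDP headers are left to the socket layer and are not built here.

```python
"""Encode/decode the IAS datagram encapsulation and APDU layouts and
correlate CmC datagrams with CmII header reports by Content ID.
Added example; all field sizes are assumptions, the draft gives none."""
import struct
from datetime import datetime, timezone

TS_LEN = 24  # len("2006-03-01T12:00:00.000Z")


def rfc3339_ms(dt):
    """Format a datetime as the draft's YYYY-MM-DDThh:mm:ss.sssZ (UTC, milliseconds)."""
    dt = dt.astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"


def _parse_ts(raw):
    """Decode the fixed-width timestamp field, rejecting anything not of that form."""
    text = raw.decode("ascii")
    if len(text) != TS_LEN:
        raise ValueError("timestamp field truncated")
    datetime.strptime(text, "%Y-%m-%dT%H:%M:%S.%fZ")  # raises ValueError if malformed
    return text


def _put_cid(content_id):
    raw = content_id.encode("ascii")  # Content ID is ASCII per the draft
    if not 0 < len(raw) < 256:
        raise ValueError("content id must be 1..255 ASCII bytes (assumed limit)")
    return struct.pack("!B", len(raw)) + raw


def _take_cid(buf, off):
    n = buf[off]
    return buf[off + 1:off + 1 + n].decode("ascii"), off + 1 + n


def encode_ias_datagram(content_id, ts, packet):
    """Encapsulation approach: Content ID | Time Stamp | one intercepted packet."""
    return _put_cid(content_id) + ts.encode("ascii") + packet


def decode_ias_datagram(payload):
    cid, off = _take_cid(payload, 0)
    ts = _parse_ts(payload[off:off + TS_LEN])
    return {"content_id": cid, "timestamp": ts, "packet": payload[off + TS_LEN:]}


def encode_apdu_datagram(content_id, ts, seq, packets):
    """APDU approach: count | Content ID | Time Stamp | sequence | lengths | packets."""
    if not packets:
        raise ValueError("an APDU datagram carries at least one packet")
    head = (struct.pack("!H", len(packets)) + _put_cid(content_id)
            + ts.encode("ascii") + struct.pack("!I", seq))
    lengths = b"".join(struct.pack("!H", len(p)) for p in packets)
    return head + lengths + b"".join(packets)


def decode_apdu_datagram(payload):
    (count,) = struct.unpack_from("!H", payload, 0)
    cid, off = _take_cid(payload, 2)
    ts = _parse_ts(payload[off:off + TS_LEN])
    off += TS_LEN
    (seq,) = struct.unpack_from("!I", payload, off)
    off += 4
    lengths = struct.unpack_from("!" + "H" * count, payload, off)
    off += 2 * count
    if off + sum(lengths) != len(payload):  # length table must account for every byte
        raise ValueError("length table does not match datagram size")
    packets = []
    for n in lengths:
        packets.append(payload[off:off + n])
        off += n
    return {"content_id": cid, "timestamp": ts, "sequence": seq, "packets": packets}


def correlate(header_reports, cmc_payloads):
    """Group CmII Packet Header Data Reports and single-packet CmC datagrams by Content ID."""
    groups = {}
    for rep in header_reports:
        g = groups.setdefault(rep["content_identifier"], {"headers": [], "packets": []})
        g["headers"].append(rep["header_set"])
    for payload in cmc_payloads:
        d = decode_ias_datagram(payload)
        g = groups.setdefault(d["content_id"], {"headers": [], "packets": []})
        g["packets"].append(d["packet"])
    return groups


def sample_ipv4_udp(src, dst, sport, dport, data):
    """Constructed IPv4+UDP packet (checksums left zero) standing in for an intercepted packet."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + udp


def sample_timestamp():
    return rfc3339_ms(datetime(2006, 3, 1, 12, 0, 0, tzinfo=timezone.utc))


SAMPLE_TS = sample_timestamp()
SAMPLE_PACKETS = [sample_ipv4_udp("10.0.0.5", "192.0.2.10", 40000, 53, b"q%d" % i)
                  for i in range(3)]
```

The length check in `decode_apdu_datagram` is the part worth keeping in a real CF: a datagram whose length table does not account for every byte is either corrupted in transit or carries trailing data the length table does not cover, and silently accepting it would misattribute packets under the wrong Content ID.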
Subject Identification
Two Aspects
1. Login Identification:
   – When the network requires authentication prior to use
   – CmC and CmII interception is performed only after the subject has been identified on the network
   – After login, the subject can be identified via the unique IP address or session identifier assigned to the subject during login
2. Equipment Identification:
   – When the network does not require authentication prior to use
   – Subject is identified via a unique address or interface
   – Intercept in this scenario may be based on MAC address, IP address or physical/logical port
Six IASP Requirements
1. Privacy: IASP shall not monitor or permanently record the subject’s communications
2. Isolation: IASP shall ensure that only the subject’s communication is intercepted
3. Transparency: IASP shall perform the intercept in a manner such that the subject cannot reasonably detect that an intercept is being performed
4. Encryption/Compression: IASP shall deliver the intercept data unencrypted or provide the LEA with the encryption method and keys. IASP shall provide data uncompressed or identify the means to decompress
5. Security/Integrity: IASP shall ensure unaltered delivery of intercept data. Security is to be negotiated between the IASP and LEA
6. Performance/Quality: IASP should be able to perform multiple intercepts at the same time
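The two subject-identification cases and the Isolation requirement meet in the selector an IAP uses to decide which packets belong to the subject. The following is an added example, not code from the PTSC draft or the presentation: a login-based selector keyed on the IP address bound to an access session, an equipment-based selector keyed on MAC address or port, both applied to a constructed timeline of CmII events and packet metadata. It also shows the isolation failure a practitioner has to guard against: a login-based selector that is not torn down at Packet Data Session End keeps matching the IP address after DHCP hands it to another user. The event and packet field names are assumptions.

```python
"""Intercept selection by login identification (IP bound to an access
session) or equipment identification (MAC / port), with the session
teardown that the Isolation requirement depends on.  Added example; the
event and packet fields are assumptions, not the draft's element names."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    pkt_id: str
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    port: str  # physical/logical access port the packet arrived on


class LoginSelector:
    """Selects the subject's traffic by the IP address assigned in one access session."""

    def __init__(self, access_accepted):
        # Built from the Access Accepted / Packet Data Session Start elements
        self.subscriber = access_accepted["subscriber_identity"]
        self.session = access_accepted["access_session_identity"]
        self.ip = access_accepted["ip_address"]
        self.active = True

    def on_event(self, event):
        if (event["message"] == "Packet Data Session End"
                and event["access_session_identity"] == self.session):
            self.active = False  # the address may now be leased to someone else

    def matches(self, pkt):
        return self.active and self.ip in (pkt.src_ip, pkt.dst_ip)


class EquipmentSelector:
    """Selects by MAC address and/or port when the network has no login step."""

    def __init__(self, mac=None, port=None):
        if mac is None and port is None:
            raise ValueError("equipment identification needs a MAC address or a port")
        self.mac, self.port = mac, port

    def on_event(self, event):
        pass  # no session to track

    def matches(self, pkt):
        by_mac = self.mac is not None and self.mac in (pkt.src_mac, pkt.dst_mac)
        by_port = self.port is not None and pkt.port == self.port
        return by_mac or by_port


def run_intercept(selector, timeline, honour_session_end=True):
    """Walk a time-ordered mix of CmII events and packets; return the selected packet ids."""
    selected = []
    for item in timeline:
        if isinstance(item, Packet):
            if selector.matches(item):
                selected.append(item.pkt_id)
        elif honour_session_end:
            selector.on_event(item)
    return selected


# Constructed timeline: subject SUB-1 holds 10.0.0.5 in session S1, logs
# out, and DHCP then gives 10.0.0.5 to another user (different MAC and port).
ACCESS_ACCEPTED = {"subscriber_identity": "SUB-1", "access_session_identity": "S1",
                   "ip_address": "10.0.0.5"}
TIMELINE = [
    Packet("p1", "aa:aa", "00:ff", "10.0.0.5", "192.0.2.10", "ge-0/1"),
    Packet("p2", "00:ff", "aa:aa", "192.0.2.10", "10.0.0.5", "ge-0/1"),
    Packet("p3", "bb:bb", "00:ff", "10.0.0.9", "192.0.2.10", "ge-0/2"),  # unrelated user
    {"message": "Packet Data Session End", "access_session_identity": "S1"},
    Packet("p4", "cc:cc", "00:ff", "10.0.0.5", "192.0.2.10", "ge-0/3"),  # address reused
]


def login_case():
    return run_intercept(LoginSelector(ACCESS_ACCEPTED), TIMELINE)


def login_case_without_teardown():
    """Isolation violation: p4 belongs to whoever inherited 10.0.0.5."""
    return run_intercept(LoginSelector(ACCESS_ACCEPTED), TIMELINE, honour_session_end=False)


def equipment_case():
    return run_intercept(EquipmentSelector(mac="aa:aa"), TIMELINE)
```

The login-based selector only selects p1 and p2; ignoring the session end additionally selects p4, which is another user's traffic, so an IAP keyed on a DHCP-assigned address must consume the AACmII session-end events as well as emit them.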
Re-cap and Conclusions
• This is a simplified overview of the standard
  - Not a substitute for a detailed reading and interpretation.
• This is a broad introduction to the draft standard.
  - Terminology used
  - Rough outline of the structure of the proposed standard
Remember:
1. The standard itself is unclear in certain areas - for example:
   – The use of encryption by the IASP to protect the CmC
   – Specifics such as what the case ID is and how it differs from the content identifier, IAP system identity, subscriber ID, etc.
   – Implementation details such as the sizes of the various fields in the packet headers, and the timing requirements for CmC delivery
2. Important to remember that it is still a “draft” standard and subject to revision.